RIPE Community Mail Archives

Re: [g4] Re: [ca-tf] Draft pre-read document for the CA-TF workshop of 13 February

  • To: Henk Uijterwaal
  • From: Leo Vegoda
  • Date: Wed, 14 Feb 2007 18:28:11 +0100
  • Cc: Daniel Karrenberg, Andrew de la Haye, RIPE NCC Senior Management,

On Feb 14, 2007, at 3:49 PM, Henk Uijterwaal wrote:

[...]

>> It is often implied that certification will improve the overall quality
>> of registration data and provide a better handle on who is the user of a
>> certain block of address space. I argue that it is more likely that this
>> will not be the case:
>> 1) New certificates for existing address space will be based on the
>> current registration data. So by definition they cannot be more
>> accurate.
>
> If we hand out certificates for all our data based on current registration
> data, then yes, you are right. If, OTOH, we only make certificates available
> to people who ask for it, then the data quality will improve, as one can ask
> the LIR to check the data before the certificate is handed out.

This can be true if the process for obtaining a certificate is more onerous than ticking a box on a web page, which was a possibility briefly mentioned yesterday.

Data quality can only improve by requiring regular updates or checks. If the emphasis is on quality then the process will be relatively expensive when scaled up to a situation with tens of thousands of certificates.

There is probably a trade-off between near universal certification and useful contact information for most resources.

>> 2) When certificates and registration databases co-exist both systems
>> will diverge and show different information. Is this an improvement?
>
> No, it is not, but then I would not design the system such that there are
> two master DB's that are independently maintained. There should be one
> that is the master and is maintained. All other systems should pull
> their information from there.

The data presumably has to come from the resource holders. Getting them to confirm or update the data on a regular basis sounds like a challenging task. Making sure that the person providing the update knows the correct contact information and can supply it might also be difficult...

[...]

> * Certificates will have to be renewed. At this point, one can ask people to
> verify if data is still correct, and if not, correct it before the new cert
> is generated. (And this is something that can be automated to a large
> extent).

... as the person renewing the certificate in many organisations is likely to be a payments clerk and not involved in network operations.

Regards,

--
Leo Vegoda
IANA Numbers Liaison




 
